RBAC for CMS

This sample shows how to enable Role-Based Access Management for the Content Management System (CMS) in Eclipse Dirigible.

Steps

  1. Set the environment variable:

    export DIRIGIBLE_CMS_ROLES_ENABLED=true

before starting the Dirigible instance.

Note: for SAP Cloud Platform Neo use the deploy parameter:

    -DDIRIGIBLE_CMS_ROLES_ENABLED=true

  1. Open the Dirigible WebIDE and go to the Documents perspective
  2. Create a sub-folder “private” under the “root” folder
  3. Create a sub-folder “shared” under the “root” folder
  4. Upload a text file named “secret.txt” under the “private” folder with the following content:

    This is a top secret information accessible only by users with the role Operator!

  1. Upload a text file named “billboard.txt” under the “shared” folder with the following content:

    This is a public notice accessible by Everyone.

  1. Click the Preview icon next to the files. You should be able to see the content of both of them.

  2. Open the Workspace perspective in the WebIDE
  3. Create a project named “cms_permissions”
  4. Create an *.access file via the popup menu New->Access Constraints
  5. Open the file with the editor
  6. Delete the sample record
  7. Click the New button
  8. Fill the form as follows:

    Path: /private
    Method: READ
    Scope: CMIS
    Roles: Operator

  1. Click the Save button
  2. The content of the file should look like:

    {
      "constraints": [
        {
          "path": "/private",
          "method": "READ",
          "scope": "CMIS",
          "roles": [
            "Operator"
          ]
        }
      ]
    }

Note: You can inspect it by closing the editor and then using Open With from the popup menu on the same file, choosing the Orion editor option.

  1. Publish the project manually via the popup menu on the project level (in case the Auto-Publish is disabled)
  2. After a while open the Operations perspective and select the Access view
  3. You should be able to identify a line similar to this:

    /cms_permissions/private.access CMIS /private READ Operator Aug 17, 2018 3:33:00 PM guest

  4. Open the Preview of the file secret:

    http://localhost:8080/services/v3/js/ide-documents/api/read/document/preview?path=/private/secret.txt

  5. Only users who have the role Operator should be able to see the content of the file
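
As an added example (not part of the original sample and not Dirigible's own code), the following Node.js script audits an *.access file offline: it validates each constraint's fields and reports, for every document path, which roles the constraints name or whether the path is left unrestricted. It assumes a constraint on a folder applies to everything below it, as the sample relies on for /private/secret.txt, and it counts only whole-segment matches; the path /private-old/notes.txt is constructed for illustration.

```javascript
// Added example, not Dirigible code. Assumption: a constraint on "/private"
// also applies to documents below it, as the sample relies on for
// /private/secret.txt. Matching here is on whole path segments (conservative).
const REQUIRED_KEYS = ["path", "method", "scope", "roles"];

// Parse and validate the text of an *.access file; returns its constraints.
function parseAccess(text) {
  const doc = JSON.parse(text);
  if (!Array.isArray(doc.constraints)) throw new Error("missing 'constraints' array");
  doc.constraints.forEach((c, i) => {
    for (const key of REQUIRED_KEYS) {
      if (!(key in c)) throw new Error(`constraint ${i}: missing '${key}'`);
    }
    if (!Array.isArray(c.roles) || c.roles.length === 0) {
      throw new Error(`constraint ${i}: 'roles' must be a non-empty array`);
    }
  });
  return doc.constraints;
}

// True when docPath is the constraint path itself or lies underneath it.
function covers(constraintPath, docPath) {
  const base = constraintPath.replace(/\/+$/, "");
  return docPath === base || docPath.startsWith(base + "/");
}

// Roles named by matching constraints, or null when nothing restricts the path.
function rolesFor(constraints, docPath, method = "READ", scope = "CMIS") {
  const hits = constraints.filter(
    (c) => c.scope === scope && c.method === method && covers(c.path, docPath));
  return hits.length ? [...new Set(hits.flatMap((c) => c.roles))].sort() : null;
}

// Map every document path to its roles (or "UNRESTRICTED") for review.
function audit(accessText, docPaths, method = "READ") {
  const constraints = parseAccess(accessText);
  return Object.fromEntries(
    docPaths.map((p) => [p, rolesFor(constraints, p, method) || "UNRESTRICTED"]));
}

// The constraint file from this sample, plus one constructed near-miss path.
const SAMPLE_ACCESS = JSON.stringify({
  constraints: [{ path: "/private", method: "READ", scope: "CMIS", roles: ["Operator"] }],
});
const SAMPLE_PATHS = ["/private/secret.txt", "/shared/billboard.txt", "/private-old/notes.txt"];

console.log(audit(SAMPLE_ACCESS, SAMPLE_PATHS));
```

Paths reported as UNRESTRICTED are the ones to confirm against the running instance, since the script only models the constraint file and not the server's own matching.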